Posted
by
CowboyNeal
on Saturday February 04, 2006 @11:15AM
from the watching-the-watchmen dept.

Kesch writes "Zdnet has a posted a FAQ describing the storage of personal information done by the search engines of AOL, MSN, Yahoo, and, of course, Google. They describe what information is stored, how it is stored, what laws protect it (none), how you can attempt to protect your privacy, and what Congress is doing with regards to the issue."

They describe what information is stored, how it is stored, what laws protect it (none)

As a company operating in the UK, and as I am a citizen of the UK, m privacy is protected by the Data Protection Act [opsi.gov.uk]. I have the right to demand access to my data, and they are legally obliged to give it to me. If I find it to be incorrect, they are obliged to correct it. They can only use this data in the manner in which they are registered to use it with the Data Protection Registrar, and they can only share it with others under strict rules.

However, they have UK operations and these operations will fall under UK law. In the case of Google, trying to access google.com will usually force you to google.co.uk if it detects your IPs geographical origin as being in the UK.

It would be reasonable to assume that the UK DPA would apply to information aquired by the UK operations of US companies.

As you mention most European countries have fairly strict laws governing the collection and keeping of personal data, including the obligation to give access and possible redress.
Google has a Dutch portal and a Dutch sales office, both might make them responsible to follow the Laws of the Land.

Till now especially airlines have been exposed to the authority that is supervising adherence with this law but other companies with international operations are aware.

In the case of Google, trying to access google.com will usually force you to google.co.uk if it detects your IPs geographical origin as being in the UK.

No, not here it doesn't. You have to specifically enter google.co.uk as the address, unless they are using URL masking - which is possible as the first few results are always uk based. However, I have a gmail account so they already know where I'm located (presumably) and the first results are always paid for ad-spots anyway.

In the case of Google, trying to access google.com will usually force you to google.co.uk if it detects your IPs geographical origin as being in the UK.

If you want to access Google US from anywhere in the world, http://www.google.com/ncr [google.com] redirects you to the US version. I'm not sure about China though.... they probably have some sort of agreement against that with them.

However, they have UK operations and these operations will fall under UK law.

Even if they didn't have UK operations, if they collect the data of people located in the UK they still fall under the UK's privacy laws. Otherwise UK companies could just offshore their data collection. Although its rather theoretical, since the privacy laws aren't really enforced strongly, you could end up with a situation similar to the Dmitry Skylorov DCMA case, where an executive of Google could be arrested while visiting t

What do you bet that if you invoked this, Google would say "But we're not a UK company!" Of course, when it comes to appeasing the ChiComs for a shot at the billion-enslaved-Chinese market, "We have to comply with Chinese law because we do business in China."

Google's "Don't be evil" veneer has worn off even quicker than I expected.

What do you bet that if you invoked this, Google would say "But we're not a UK company!"

Like how Microsoft said "But we're not an EU company!" when they are being fined millions and forced to open up their protocols and file formats?

The bottom line is that if you want to do business in a particular country, you need to abide by that country's laws. Google want to do business in the UK (and China), so they have to abide by the UK's (and China's) laws.

I'll concede to you when the OP or another UK citizen posts that Google has complied by supplying him or her with all the information they hold on him or her, individually, and provides him or her with the opportunity to correct it. I'm not holding my breath.

Well there is always an alternate, flood Google with false naughty searches, you privacy returns as a result of all the bogus data generated. So all you need now is a FireFox extension that will, execute random naughty Google etc. searches in the background while you are surfing the net (maybe even including random selections of the search data generated).

So when your real searches are combined with the fake ones, all the data is corrupted (no one can define what is real and what is fake in a court of law

I googled for "Data Privacy Act" on google.co.uk (anonymously, of course) -- there's no mention. Don't you think that if they were complying, they might provide information on how UK citizens can request and correct their information?

I'm not sure where the misunderstanding comes from, but it persists.Google.com (US and intl servers) is still available to China UNCENSORED by Google (at least as uncensored as the US database is). Google.com is apparently censored or degraded by China or their ISPs to the point of being painfully slow, spotty, etc..

Google.cn is the new service that uses servers INSIDE the Great Firewall, therefore isn't censored on the international pipes and is much more available to the people who need it. The tradeoff i

I don't think you understand the situation. Take a moment to consider:1. Bejing is forcing the censorship. The only way Google could steer clear of it is to avoid all service to China. Who does that benefit? The Chinese people might never even hear about such a stunt.

2. All countries (even the US) have some level of censorship, so the test is not "selling out" vs. being true to some ideal. It's a judgement ca Or should Google stop service to all countries that don't meat your ideal?

No, all it took was their complicity with an oppressive regime in censoring their subjects' access to the Internet. The hypothetical was merely an illustrative tool that seems to have failed to enlighten you. Please post back with evidence that Google has complied with the EUCD on an individual EU citizen's request when you find it--until then, it's not even completely a hypothetical.

You still dont really get it. You need to provide evidence that they haven't complied with the EU Data Protection laws (or whatever it is). Until then, that's the very definition of a hypothetical.

As for your comment about China, there have been many many arguments made suggesting Google actually did the most ethical thing in the situation. But I won't debate that here, since it's covered in many other slashdot story discussions.

Wait a minute, didn't Google try to not turn over their American records to the US government? They also don't give certain services in China because they'd have to stop respecting Chinese users' privacy to do so. Oh, sorry, what was that? I think your argument just fell down.

I understand Google also mentions at the bottom of the page when results have been omitted, much the same as they do for DMCA removals.Besides the government of china is blocking those websites, not google. As much as anything google's just removing results that the chinese won't be able to see anyhow. I'd be pretty annoyed if I look something up on Google and the first few pages of results are all 404.

The only other alternative would be for google to stay out of china. That'd be a loss for the 99.9% of chi

Let's think about the worst case scenario here: if search engines are required by law to give up their search history on a particular person, sure it's scary but it doesn't mean much. If you're in court for murder and the evidence is circumstantial at best, will the fact that you googled for "hot sex" and "people dieing" really get you that life sentence?
Obviously this applies at a lot more to child pornography and copyright cases, but for some reason I don't think it would sway the majority of criminal c

The power for the government with respect to search histories is that they've been compiled without the users' having realized they might be turned over to the government, RIAA, lawyers, et al. But now that awareness of this has increased, the use of search histories as a surveillance tool is going to decrease dramatically, as people will realize their searches are visible through the electronic fishbowl and think at least twice before searching for anything that would reflect badly on them. This is doubly

Are there any Canadian lawyers present? Does PIPEDA cover this? I know it deals quite strongly with personally identifiable electronic information, but (at least where I work) we usually assume that means SIN numbers and addresses. Do cookies count?

Google lets you remove your phone number from their database so other people can't look you up. They ought to let you remove your search history from their databases as well. I'm going to suggest this in their support forums.

And if they won't remove it, we should be able to make it useless. Just a little program that runs constantly and searches for random words (both innocuous and suspicious) at random time intervals (probably less than every minute). It would use little bandwidth and would result in your 'search dossier' being inconveniently large and legitimately deniable.

Runs from a CD without installation, keeps setting and history hidden and encrypted, and coolest of all: It runs your browser inside any part of an application you're working with. If you move your mouse away from that window, the browser dissappears and your regular work returns.

Much as this is a nice idea, what you search for is fed into some quite complex algorithms to determine what people are likely to be looking for. If you have an application feeding Google or any other engine a load of irrelevant searches then they lose their ability to improve search results based on pattern matching.

This kind of data collection is partially WHY Google has such a good product, tracking users is gonna be useful research if you are trying to make a more intuitive search engine. This is no different than the feds getting your credit card history or going through your trash, it doesn't make the card company or the trashcan EVIL.

They do. Just log in to your google account and click 'Search History' (at the top), then 'Remove items' (on the left) - As well as the ability to remove individual searches or clicked results, there is also a "Clear entire Search History" option.

It is unlikely that this removes all the information they have about your search history. It may clear it from your google account but the search associated with the IP address may well remain, so the history could be reconstructed from that info (supposing that you have a fixed IP address). This is just speculation on my part, but I dont think that having a google account would actually give you more privacy than not having one.

I'm not seeing this option... I go to Google, click 'My Account' (while logged in). I can edit my password (and security question), edit my name, delete ALL account info., or delete my gmail service. Nothing about search history and such... I'm in the US, where were you that you had those options?

This is only for their personalized searches though. It doesn't include searches you conduct through Google.com while logged in to your Google account--only searches you conduct through their personalized search page. It's a step in the right direction at least. Although if their privacy policy works like their GMail privacy policy, than deleting your search history won't remove it from THEIR servers--just from your view of their information...

I just logged in to this Search History thing. I have both GMail and a personalized home page, and even though I have been using Google for years my search history is empty. I had to opt in to the service to get it to start tracking, and then I was able to successfully suspend it again. I wasn't exactly presented with pages and pages of disclaimers though, and it's not clear if Google will disaasociate my search results from my login from now on.

and not taking the easily available countermeasures (e.g. TOR, JAP) is playing with fire. But this isn't necessarily bad news for Google--if they can charge a "reasonable fee," they could make complying with subpoenas from prosecutors on fishing expeditions, the entertainment cartel, and divorce attorneys into a profit center!

Well, being able to get all of the google searches somebody performed in a certain time frame would be useful to lots more than just divorce lawyers... There are plenty of legal matters where "intent" is a factor... for example, in some states the tort of civil conspiracy requires proof of "malice". Search records, and more general net usage records could go a long way toward proving malice or other states of mind.
Since lawyers are required to be zealous in their representation of their clients, subpoen

Right--I don't remember who said it, but someone referred to Google's search history data as a "database of intentions." It was sometime around then that I started anonymizing my access to the Internet to the extent practical. I don't want the (example) fact that I was curious about eco-terrorism to make me a suspect in a fur-vandalism case or worse sometime down the road.

There has always been a wide spectrum of political opinion here. In the last couple of years self-righteous, right-wing, mouth breathers have become a dominant voice on slashdot. Sad really, because it turns what was once an interesting technology forum into just another echo chamber of morons chanting slogans and catchphrases at each other. I'm sure some people think it is a change for the better, but I think it has driven a lot of former slashdot readers a

Okay, so we all thought to some degree that the guy behind GoogleWatch [google-watch.org] was a nut. I suppose right now is when he can say: I TOLD YOU SO regarding the ability to compile search histories thanks to the never-expiring cookie.

That is only if you don't block all cookies unless there's a good reason not to, like I do.

IP anonymizing is still necessary if you're on a static IP, but it's simplicity itself to refuse a cookie from google. There isn't any reason other than tracking for google to need one, so I've never accepted it.

Google Watch also runs Scroogle.org, a proxy that scrapes Google and/or Yahoo. One reply to the post says that I'm still a nut. But while I may or may not be a nut, this reply from an Anonymous Coward is wrong about the cookie. You don't need a globally-unique ID in a cookie to save the user's preferences. That is NOT the primary purpose of the cookie, but rather a convenient cover story for Google. The purpose of the cookie is so that you have a unique ID to tie together the activity of a single person who

What mind blowing hypocrisyQ: What about links people click on from search engine results? Can that information be turned over too?Yes. Through a process known as redirection [com.com], Yahoo and AOL record what links people click. Unless the companies discard these records, they would be fair game for a subpoena.

Q: Let's say the Bush administration wanted to obtain a list of the names or Internet addresses of anyone who typed "how to grow marijuana" or "how to cheat on income taxes" into Google. Could that be done?
Probably. If the Electronic Communications Privacy Act does not apply, all that's required is a subpoena from a prosecutor, and no prior approval from a judge is necessary. One Harvard law professor calls the subpoena power "akin to a blank check."

"The threshold rule is relevance," says Paul Ohm, the University of Colorado law professor. "Relevance has been quite broadly construed. As long as you can show that something's relevant to a case or criminal investigation, I think the litigant would have a pretty good argument."

The suggestion that relevance has been broadly construed is disturbing. The erosion of civil liberties needn't necessarily follow from the enactment of bad laws, but can, just as easily, follow from too broad an interpretation of existing laws and practices.

If the judiciary restrict the interpretation of terms like relevance to as narrow a meaning as possible there is less room for abuse, but in the present environment it's likely judges, not only in America, but in the west generally, will allow broad definitions of such terms to the detriment of civil liberties.

While the issue of privacy and violation of rights is definate cause of concern, I feel the example of "cheating on income taxes" or "how to grow pot" is silly. Contrary to popular belief, the government really doesn't give an f on these issue and cares as much about them as someone stealing a piece of candy from a store. Well it does care about cheating on income taxes but only IF you really do cheat on income taxes and I'm sure it'll have to be for an substantial amount of money too.

Some legal experts warn that Google searches are no substitute for the painstaking process of evidence and testimony. "If a judge is taking as proof facts that are reported in any public medium that pertain to individual actions by persons involved in a case, that is troubling," said George Fisher, a Stanford University law profess

There's still no mention of Macromedia Flash. Flash applets are very popular on most pages nowadays. They are used for ads, interactive demos, forms and more. But, people don;t seem to realize that they are also highly effective for storing information that can and is used for tracking purposes on your computer.

Have a look at~/macromedia/Macromedia/Flash\ Player/macromedia.com/support/flashplayer/sys

Did you know that all of that was there? Do you know what's stored in all those files? Did you know that those files are accessible by any flash applet that runs on your system and that the flash applet can and does report back to its creator?

Then of course there are the problems due to Java script. Google has one for their analytics service that's all over the web tracking everyone. It's called Urchin and it's even in this page. Just look at the source for this page and search for "urchin.js".

Because as long as the Bush Administration can claim that we are at war, the government is permitted various additional authorities that suspend numerous privacy and citizen protection laws. The current laws and pending laws (IMHO) are only there to make this (1) a permanent reality and (2) to (through the created legality) minimize the number of people who challenge the government's "right" to suspend the various laws that would normally protect US citizens by not having to openly invoke the use of the gov

You missed a somewhat subtle nuance in his statement. Assumption, - you are right and we legally are not at war. Bush can, and is, still claiming that we are at war and is abusing this with his propoganda. Pretty much until the supreame court says no, Bush can still claim this. Whether he is right or wrong is mostly irrelavant.

From the last page of the article (which I find the most useful part of the whole article):How long do companies keep records of my search terms?Microsoft, Google and Yahoo all said they keep data as long as it's necessary, which could mean forever. Microsoft did add that the company is "looking at ways" to provide users with the option to delete their search histories, and Yahoo made a similar statement.

AOL, on the other hand, says it deletes personally identifiable data after 30 days.

Google actually goes a step further and also records the User-Agent string of the browser. According to MSN (on news.com.com) they don't assign IDs to people per se, that is across an extended period of time you will get assigned temporary IDs but they won't end up aggregated under one permanent ID like Google does.

As weird as it sounds, AOL and MSN might be the least invasive ones of the big four.

I was going to RTFA but then realized that zdnet is probably working in association with the government to gather information about people that would be interested in this article. And I'm not going to fall for it.

I was going to RTFA but then realized that [Relevant Website] is probably working in association with the Government to gather information about people that would be interested in this article. And I'm not going to fall for it.

At least this way you have a reason for commenting without reading TFA

It's interesting to note that they don't mention Internet Explorer in this section of TFA.The Index.dat in your "Temporary Internet Files" and in your "Cookies" folders makes any attempts at privacy meaningless.

I made a simple batch file that loads on startup & deletes the Index.dat files. Works like a charm & I never have to think again about someone sniffing through my supposedly clean computer and pulling up my browsing history.

The following are just some of the programs, which provide a level of both encryption and anonymous communication for Internet usage:

Tor: Onion-based routing that acts as a proxy layer between the client computer and the Tor network. http://tor.eff.org/ [eff.org]

I2P: Also known as the Invisible Internet Project. The network is regarded as a message based system. http://www.i2p.net/ [i2p.net]

FreeNet: is a distributed information and storage retrieval system designed to address the concerns of privacy. Freenet is designed to be anonymous and totally peer to peer. http://freenetproject.org/ [freenetproject.org]

GNUnet: is a P2P network that can support many different forms of peer-to-peer applications. http://gnunet.org/ [gnunet.org]

There are other programs and if you do not want your "private details" known then you would be wise to use them. In addition, anyone who thinks their private data that is held by organisations and government departments is safe whether there is a "Data Protection Act" or not then they should think twice for example the "National Security Agency eavesdropping on Americans incident". This is not the first time nor will it be the last time that such incidents will occur. Without being anonymous, we can never have true freedom of speech.

The following two articles should make it quite explicit as to what companies and governments are doing.The EFF has an article. Where it's suing AT&T for breach of privacy.

The Electronic Frontier Foundation (EFF) filed a class-action lawsuit against AT&T Tuesday, accusing the telecom giant of violating the law and the privacy of its customers by collaborating with the National Security Agency (NSA) in its massive and illegal program to wiretap and data-mine Americans' communications. http://www. [eff.org]

I'm not conspiracy theorist, but it seems pretty obvious the real value of this information and what the government might do with it once you examine the playing field and the objectives of all parties involved.

Frist and foremost, the Internet is currently unregulated. This really bothers most governments around the world, and probably the United States most of all. They want to have more control over this medium for a myriad of reasons, not the least of which is tax purposes and the ability to influence the populace. Look at what's been done with mainstream media and you can have an idea of what the powers-that-be would like to see happen to the Internet.

However, the government cannot simply arbitrarily announce they're going to start heavily regulating the Internet. That's not going to work, so the first step will be to try to use some kind of politically-correct issue, to shoe-horn their grimy hands into the issue. This is likely to be something like child pornography, which very few will have problems with. Things like COPA are good examples of regulatory laws which were passed with a minimum of opposition due to the PC-nature of the issues they addressed, but they all have the ultimate goal of setting precedents where the government(s) can tell you what you can do with your web site.

The demographic profiling done by companies like Google is a big part of the government's ability to make their case for additional regulation.

Make no mistake, this is and will continue to happen. Whether or not any of us think that it's practical to try to control/regulate what happens online, the government is sure going to try. With more and more commerce moving to the online world, and less dependence upon traditional media sources, big companies are going to want to have their piece of the pie, and they rarely play fair. We should be paying very close attention to what happens from the perspective of this plan. We should expect and anticipate a few popular scenarios to present themselves which will sway public opinion into allowing more government regulation of online activity. This may have to do with terrorism, child porn, or even spam. It's going to be an interesting time in the next decade as we watch and see how select corporate and government interests try to bully their way into having control of the Internet. Search engines are treasure troves of information they can use to prove any claim they want.

Don't ever forget, if you see it in your browser, it is most likely stored on the hard drive somewhere. The article suggests that users clear their browser's history, cookies, and other temporary files every time they close down their browser. However, they fail to point out that simply deleting the files the usual way does not actually delete them. 'Deleting' files merely removes the file information from your file systems catalog entry. It is like removing the card catalog entry from a libraries' cata

Support sites that protect your privacy and limit government access to it.
Pretty simple statement but not easy to do even with the variety of competing search engines. For example for Newslookup.com I can tell you that your search results tracking, logs and personally indentifiable information is regularly purged. There are other search engines that also make this claim however many sites use a 3rd party to display Ads. With every page display the Ad serving company will have logged the referring link fr

A brute force approach for google analytics is to add the following to your hosts file:
# [Google Inc]
127.0.0.1 www.google-analytics.com

If you are using firefox, then there is an
extension [customizegoogle.com] to customize your interaction with
google. One of the preference sections is privacy settings. Options include anonymizing your user ID and never sending cookie data to google analytics.
labnol.blogspot.com has an
article [blogspot.com] that discusses both of these options and also discusses how to add the hosts entry on a windo

What I guess I should have said is: it goes both ways. We can all be civil to each other, or we can all flame like raging assholes. It appears that, at least so far as/. goes, the choice has been made.

I don't understand why Europeans vent here so much. I chalk it up to trolling. Popular trolling, of course, but no better than the common GNAA horseshit. Since I can't fight the flow, I just insult right back.

Google.co.uk is not a US site, neither is google.de. So unless google stops redirecting me always to google.de and unregister their.de domains, they better start adhering to our privacy laws. They are doing business here (many german Adsense adverts), so they have to follow the laws. And stop shitting on our (european) furniture.